Re: (inc. note from dpkg developers) Re: Bug#XXXXXX: (far too many packages) needs rebuilt for prelinking
On Sun, Jan 19, 2003 at 02:30:51PM -0800, Stephen Zander wrote:
> Tripwire doesn't rely on *any* outside objects, it's built static to
> explicitly avoid such issues so all you're left having to trust is the
> tripwire executable itself.
And the kernel...and the execution environment...are you really running the
binary that you think you are? Are you really seeing its output?
This kind of verification requires a trusted system, from the ground up, in
order to be trustworthy. Nothing less will do. Whatever programs are
necessary to perform the verification must reside on, and only be accessible
by, the trusted system.
Prelinking, it would seem, adds another program to the list of things that
must be maintained in the trusted system, and also complicates the
verification process by interposing an unprelinking step before any
prelinked binaries can be verified.
I don't understand why the original binary needs to be modified in order to
provide this performance increase. But then, I haven't bothered to
investigate prelinking either.